Beaver Builder delivers on the claim to “Free Up Your Time and Unleash Your Creativity”. With just a few clicks you can create a complex layout with dynamic content and eye-catching visuals. It is powerful, robust. So we deep dived into this for our practitioner’s meetup!

During the talk, Cousett covered the ins and outs of this powerful WordPress page builder, from the basics to some of the extensions and pricing options.

Cousett did this talk for anyone looking for a solid page builder, is curious about Beaver Builder or who wants to expand their knowledge on page builders.

Here are the notes for anyone who is looking for a way to bypass the hassle of coding a complex template using Beaver Builder.

Before we go on, if you want a quick intro to Beaver Builder, you can see Chris Lema’s review here.

Rich Plakas lead a lively presentation that covered what those new to WordPress need to know about Best Practices for Website Design and How to Implement them in WordPress. This presentation guided attendees through the types of questions and thought processes you need to keep in mind when developing a site for yourself or others.

Who is the target audience?

What is the primary goal of your website?

How do you plan to drive traffic to your website?

Is your website mobile responsive?

Using Analytics to gain insight to visitors.

Are Mailing Lists useful?

Richreviewed some websites to help attendees to know what to look for in a best practices-designed site. Additionally he reviewed some of the attendees’ sites and made suggestions for improvement.

This Security Advisory is Coordinated Disclosure by Sucuri and released jointly with all developers involved and the WordPress core security team and was posted on the Surcui Blog byDaniel Cid on April 20, 2015

Multiple WordPress Plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of theadd_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress.

The official WordPress Official Documentation (Codex) for these functions was not very clear and misled many plugin developers to use them in an insecure way. The developers assumed that these functions would escape the user input for them, when it does not. This simple detail, caused many of the most popular plugins to be vulnerable to XSS.

There are probably a few more that we have not listed. If you use WordPress, we highly recommend that you go to your wp-admin dashboard and update any out of date plugins now.

This issue was first identified by Joost from Yoast in one of his plugins (he did a great write up about it as well). We worked together with him to investigate the issue and found that it likely affected a lot more plugins than just that one.

Our research team, along with a few friends (especially Joost from Yoast ) have been going through the WordPress repository for the last few days in an attempt to find and warn as many plugin developers as possible – to warn and help them patch the issue.

Coordinated Disclosure

This vulnerability was initially discovered last week, due to the varying degrees of severity and more importantly, the large volume of plugins affected, we coordinated a joint security release with all developers involved and the WordPress core security team. It was great team work, and a pleasant experience to see so many developers united and working together for the common good. We can happily say that all plugins have been patched, and as of this morning updates should be available to all users. (yes, everyone pushed their updates in unison 2 hours ago).

If you use WordPress, now it is your turn to update your plugins!

If you have automatic updates enabled, your site should already be patched, especially in the most severe cases.

There are more plugins vulnerable

Our team only analyzed the top 300-400 plugins, far from all of them as you might imagine. So there are likely a number of plugins still vulnerable. If you’re a developer, check your code to see how you are use these two functions:

add_query_arg

remove_query_arg

Make sure you are escaping them before use. We recommend using the esc_url() (or esc_url_raw())functions with them. You should not assume that add_query_arg and remove_query_arg will escape user input. The WordPress team is providing more guidelines on how to use them here.

Update Time!

If you use any of these plugins, make sure to update them now! We will continue to investigate and look for more plugins vulnerable and keep our list here current.

This is also a good time to remind everyone that all software will have bugs and some of those bugs will inevitably lead to security vulnerabilities, such is the life we live in. This applies to plugins, themes, webservers, CMS’s and basically anything that is written by people and based on code. As much as developers try to minimize them and deploy secure coding principles, mistakes will inevitably still happen. We just have to be prepared and find ways to minimize the affect of any vulnerability in your environment; a perfect example of such an approach is what you’re seeing today with this coordinate release.

Here are some tips and tricks to remember to help reduce your overall threat risk, helping to improve your individual security posture:

Patch. Keep your sites updated.

Restrict. Restrictive access control. Restrict your wp-admin directory to only white listed IP Addresses. Only give admin access to users that really need it. Do not log in as admin unless you are really doing admin work. These are some examples of restrictive access control policies that can minimize the impact of vulnerabilities in your site.

Monitor. Monitor your logs. They may give you clues to what is happening on your site.

Reduce your scope. Only use the plugins (or themes) that your site really needs to function.

Detect. Prevention may fail, so we recommend scan your site for indicators of compromise or outdated software. Our plugin and Sitecheck can do that for free for you.

Defense in Depth. If you have an Intrusion Prevention System (IPS) or Web Application Firewall (WAF), they can help block most common forms of XSS exploits. You can even try our own CloudProxy to help you with that. If you like the open source route, you can try OSSEC, Snort and ModSecurity to help you achieve that.

These principles are commonly applied to most secure networks (or on any business that needs to be PCI compliant), but not many website owners think of them for their own site / environment.

These are but a few high level recommendations; we recommend going through our blog for more ideas on how to keep your sites safe and ahead of the threats.

###

This was such an extraordinary threat to our membership I wanted to reach as many as possible as quickly as possible with the information to deal with the issue quickly.

We all owe the Sucuri security folks and the WordPress Security team a big thanks for the coordinated heads-up and the fast fix.

Announcements

WordCamp Austin 2014 will be in April, final location and dates TBA soon. It will be a two day event this year for $40, and we will have an online option for those who can’t attend in person. We are still looking for people who are interested in coordinating different aspects of the program. Join our Facebook group for updates and contact us at austin @ wordcamp.org to volunteer!

Presentation

Intro

One mistake some people make is trying to manage search engine optimization before the site has been built out. Best advice: work on your site and create good content and then worry about your SEO and Google rankings.

Be careful if you hire an SEO consultant – some will use automated spam tools, spammy backlinks, and things like that. Robert recommends that you contact previous clients to make sure you get what you’re paying for.

Why this plugin? You want someone who knows how to rank sites – and Yoast has a solid track record on how to do this. In Robert’s experience, this plugin has out-performed all others he’s tried. This plugin also provides live feedback on how well you are optimizing your content.

Go to Plugins tab > Add New

Search for WordPress SEO by Yoast

Install and activate

If you see a warning “blocking access to robots” which will happen if you have your site set to no-index. If this is an active site you will need to correct this in your Settings > Reading to allow search engines to index the site.

Make sure your permalinks are set and working correctly. Clicking on this will take you to your Permalinks setting, and the “Post name” setting is usually what you want.

You can use the Yoast plugin to claim your Webmaster tools. Google Webmaster is a good idea to claim so that you can submit a sitemap to Google and Google will crawl your site sooner. (Bing and Alexa are less important.)

How Yoast works in your admin Dashboard

In your pages and posts listing, you will get a SEO indicator. Ideally you want green lights all the way down. You will need to edit each post with content in the new SEO metabox below the post editor.

Page title, Meta Description, and Focus Keyword

The Focus Keyword field works a lot like the way Google works. You start typing in a phrase and you will see suggestions pop up that might help you refine your keyword. Once you have updated the SEO content, you will need to update the post or page. At that point you will see feedback in the posts/pages list. You are wanting to optimize for one keyword or phrase for each piece of content. More keywords will water down your results.

Your focus keyword should also feature in your first paragraph of the article. You don’t need to mention it over and over – that is not the case any more.

You need to have a unique page title and a unique meta description. The meta description isn’t important for ranking so much as it is to get people to click on your link. There’s no point in keyword stuffing here, but instead to write a description that sells the content and makes people interested in reading more. Your title is important for SEO. You want to put the keyword phrase as close to the beginning as possible, but also make a reasonable title.

Meta keywords are not used by Google. You can ignore them if you want.

Article Heading: the title of the post or the page in the post editor. It’s a great idea to repeat the focus keyword here

Permalink/Page URL: ideally you will want to have the keyword phrase here as well.

Page Analysis tab: will provide a breakdown on what you still need to do to optimize your content, listed in priority order.

Body Content: The content that matters the most to Google will be your body content. Sidebars, footers, sliders are all also important for SEO but considered secondary to the body content.

Multiple topics: If your content covers several topics, it should all be focused on a single concept/phrase/keyword. If that isn’t easily done, your content may not be focused enough.

Home page, category page, etc.: The home page is special. Tailor a phrase for your home page that applies to all of your content and a focus keyword that works for the content as a whole. For home pages without text or content other than images – that’s something to address.

Pay Per Click pages: Generally should be set to no-index because those can hurt your SEO.

General SEO strategies

You don’t want your entire site indexed in Google.

Use good alt texts and image names. Use keywords where relevant.

Try to get brand names, artist names into the posts and image names/alt tags

Don’t add the same keyword for a gallery of images; mention keyword on a couple. Instead just make sure all images have names and alt tags that have relevance for the images themselves.

For existing pages and posts

Image attachment pages generally are not useful for SEO and should be no-indexed

Major theme companies are good at building in good SEO practices. Robert recommends StudioPress, iThemes, WooThemes. They also generally have good support. (You can get yourself in trouble with Theme Forest.)

Custom post types: if you are trying to rank custom post types, and if that content is important, ideallyyou would not want query strings attached to those pages and they should have clean permalinks.

Use a dash (hyphen) to separate keywords in image titles, URLs, etc.

Settings within Yoast

Use the WordPress “Help” tab for descriptions for different settings

Meta settings: good to set archives to no-index; may wish to check several other options here as well

Home – you can modify your home page URL structure and you can add a page description

Post types: will vary; this tab will set the default for each page if you don’t set something separate for individual pages

Attachment pages – best to no-index them

Do not no-index posts and pages!

Taxonomies: categories and tags oh my! Great for helping people find content on your site but not an SEO tool! Keep them tight and focused. For most sites keep categories under 10 and group your site into semantic categories that make sense for your site.

Tag pages are watering down the quality of your site because they will have tons of duplicate content; no-index them! If people do find your site through one of those pages, they aren’t going to have a good idea of your site or a good call to action. Same thing for category pages in most cases.

Format pages: no-index

No-index or even disable author and date archive pages because they can create duplicate content.

Social Settings

Add Open Graph meta data so correct data from your site is shared on FB

Add Twitter username if you use Twitter

Google+ is showing thumbnails of contributors to high value sites but not everyone. You can set the admin as the G+ profile but they will need to have a Google+ profile added in the WordPress profile page. If your thumbnail appears it can improve your click-through rate considerably.

Sitemaps

Remove media, taxonomies and any pages you have disabled in your other settings

Permalinks

strip category base

enforce trailing space – can be good for click tracking, canonical URLS but can cause issues with plugins

wouldn’t mess with much

Canonical settings – usually just leave with default settings

Internal Links

Breadcrumbs can be good for users and Google crawlers, but if your theme doesn’t support them, you may need to modify your theme’s template files

Big thanks to our co-organizers & sponsors for helping out with the meetup, WordCamp Austin, everything. It’s you guys stepping up to the plate and helping out that makes all the difference.

Jason, Shayda, and everyone at WP Engine – you guys have been great in helping us out since you started. Your enthusiasm and passion for WordPress is contagious and addictive. I can’t say enough about your help in the community. I’m going to get verklempt.

Bobbie & BuildASign – you have been integral in our growth. Stepping up with a second location for the Hands-On meetup has been wonderful. We love meeting there & hope to keep working with you as long as you’ll have us.

Speaking of growth, this year, with Blossom, Bobby Brooks, Jackie Dana and Nick & Sandi’s help, we added three monthly meetups in-between our foundational ones. I could hug each & every one of you for finding ways to increase our in-person outreach. Having 1500 members on meetup.com is one thing; getting in-person contact with them all is something else entirely. The more members who step up and host meetups, the closer we can get to making contact with everyone. ( I can dream… )

I think the efforts of everyone is evident in our membership growth. We had 1000 members right around last year’s WordCamp. In less than a year, we’re just over 1500.

A hell of a year!

I thought I’d just say “Thank You” to all of you and to the group & community. I smile when I think about being a part of this.